f545cc2609bc5dfc9d42f077fd22b5fea41141c55f3a9b46b65c986367ab3954

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07-12-2024 20:11

Target

main.exe
Size

17.9MB
MD5

a63bd4e602564cc972dbe79115ef82f4
SHA1

35d29010f361ef281020562c150077acf0254079
SHA256

f545cc2609bc5dfc9d42f077fd22b5fea41141c55f3a9b46b65c986367ab3954
SHA512

28f39fb25fb8d770caa3c15c43447d77c66677954c01a3fa9ae0081152e250350c03f63fb85f50a8b971c8152995bd8dcd5332a9614539a3990237c8b4c547a7
SSDEEP

393216:ZqPnLFXlrNQPDOETgsvfGCkgNYkHvEjpWrvqa2m:QPLFXNNQ6E0AYks0rvX

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2064	main.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001a4d6-112.dat	upx
behavioral1/memory/2064-114-0x000007FEF6770000-0x000007FEF6BDE000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 2064	2692	main.exe	31
PID 2692 wrote to memory of 2064	2692	main.exe	31
PID 2692 wrote to memory of 2064	2692	main.exe	31

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Users\Admin\AppData\Local\Temp\main.exe
  "C:\Users\Admin\AppData\Local\Temp\main.exe"
  2⤵
  - Loads dropped DLL
  PID:2064

C:\Users\Admin\AppData\Local\Temp\_MEI26922\python310.dll

Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
memory/2064-114-0x000007FEF6770000-0x000007FEF6BDE000-memory.dmp

Filesize
4.4MB

Download